DMTF / libspdm

BSD 3-Clause "New" or "Revised" License

OpenSsl version update for vulnerability #2820

Open apop5 opened 2 months ago

apop5 commented 2 months ago

cryptography 38.0.4 is consumed in https://github.com/DMTF/libspdm/tree/main/os_stub/openssllib

This is being flagged due to known vulnerabilities:

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

The recommendation is to upgrade cryptography from 38.0.4 to 42.0.0 to fix the vulnerability.

steven-bellock commented 2 months ago

@jyao1 you might have to take this. I'm getting errors when running https://github.com/DMTF/libspdm/blob/main/os_stub/openssllib/process_files.pl